3 matches found
Cross-site Request Forgery (CSRF)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF due to insufficient validation of user-supplied input in the permalinkpage.php and loginpage.php URIs. Remediation Upgrade mantisbt/mantisbt to version 1.3.11,...
WordPress Advanced Ticket System < 1.0.64 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Navigate to Tickets Add New add all information on the title, post,...
MantisBT Cross-Site Scripting Vulnerability (CNVD-2017-28224)
MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 1.2.19 and prior to 1.3.0-beta.2. A remote...